CVE-2012-4226

Name of the Vulnerable Software and Affected Versions Quick Post Widget plugin version 1.9.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via the Title, Content, or New category field to "wordpress/" or the query string to "wordpress/". This can lead to cross-site scripting (XSS) attacks.

Recommendations For Quick Post Widget plugin version 1.9.1, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the vulnerable fields, such as Title, Content, and New category, to minimize the risk of XSS attacks. Avoid using the query string to "wordpress/" with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.